Python JWEの例

コード例 #1

ファイル: test_07_jwe.py プロジェクト: jpslopes/JWTConnect-Python-CryptoJWT

def test_ecdh_no_setup_dynamic_epk():
    jwenc = JWE(plain, alg="ECDH-ES", enc="A128GCM")
    jwt = jwenc.encrypt([eck_bob])
    assert jwt
    ret_jwe = factory(jwt, alg="ECDH-ES", enc="A128GCM")
    res = ret_jwe.decrypt(jwt, [eck_bob])
    assert res == plain

コード例 #2

ファイル: test_07_jwe.py プロジェクト: jpslopes/JWTConnect-Python-CryptoJWT

def test_wrong_key_type():
    encryption_key = SYMKey(use="enc",
                            key='DukeofHazardpass',
                            kid="some-key-id")
    jwenc = JWE(plain, alg="ECDH-ES", enc="A128GCM")
    with pytest.raises(NoSuitableEncryptionKey):
        jwenc.encrypt([encryption_key])

コード例 #3

ファイル: test_07_jwe.py プロジェクト: jpslopes/JWTConnect-Python-CryptoJWT

def test_unknown_alg():
    encryption_key = SYMKey(use="enc",
                            key='DukeofHazardpass',
                            kid="some-key-id")
    jwenc = JWE(plain, alg="BCD", enc="A128GCM")
    with pytest.raises(ValueError):
        jwenc.encrypt([encryption_key])

コード例 #4

ファイル: test_07_jwe.py プロジェクト: jpslopes/JWTConnect-Python-CryptoJWT

def test_nothing():
    encryption_key = SYMKey(use="enc",
                            key='DukeofHazardpass',
                            kid="some-key-id")

    decrypter = JWE(plain, alg="A128KW", enc="A128CBC-HS256")
    with pytest.raises(ValueError):
        decrypter.decrypt(keys=[encryption_key])

コード例 #5

ファイル: test_07_jwe.py プロジェクト: jpslopes/JWTConnect-Python-CryptoJWT

def test_invalid():
    encryption_key = SYMKey(use="enc",
                            key='DukeofHazardpass',
                            kid="some-key-id")

    decrypter = JWE(plain, alg="A128KW", enc="A128CBC-HS256")
    with pytest.raises(BadSyntax):
        decrypter.decrypt('a.b.c.d.e', keys=[encryption_key])

コード例 #6

ファイル: test_07_jwe.py プロジェクト: jpslopes/JWTConnect-Python-CryptoJWT

def test_verify_headers():
    jwenc = JWE(plain, alg="ECDH-ES", enc="A128GCM")
    jwt = jwenc.encrypt([eck_bob])
    assert jwt
    decrypter = factory(jwt, alg="ECDH-ES", enc="A128GCM")
    assert decrypter.jwt.verify_headers(alg='ECDH-ES', enc='A128GCM')
    assert decrypter.jwt.verify_headers(alg='RS256') is False
    assert decrypter.jwt.verify_headers(kid='RS256') is False

コード例 #7

ファイル: test_07_jwe.py プロジェクト: jpslopes/JWTConnect-Python-CryptoJWT

def test_wrong_alg():
    encryption_key = SYMKey(use="enc",
                            key='DukeofHazardpass',
                            kid="some-key-id")
    jwe = JWE(plain, alg="A128KW", enc="A128CBC-HS256")
    _jwe = jwe.encrypt(keys=[encryption_key], kid="some-key-id")
    with pytest.raises(HeaderError):
        factory(_jwe, alg="A192KW", enc="A128CBC-HS256")

コード例 #8

ファイル: test_07_jwe.py プロジェクト: jpslopes/JWTConnect-Python-CryptoJWT

def test_no_key():
    encryption_key = SYMKey(use="enc",
                            key='DukeofHazardpass',
                            kid="some-key-id")
    jwe = JWE(plain, alg="A128KW", enc="A128CBC-HS256")
    _jwe = jwe.encrypt(keys=[encryption_key], kid="some-key-id")
    decrypter = factory(_jwe, alg="A128KW", enc="A128CBC-HS256")
    with pytest.raises(NoSuitableDecryptionKey):
        decrypter.decrypt(_jwe, [])

コード例 #9

ファイル: test_07_jwe.py プロジェクト: jpslopes/JWTConnect-Python-CryptoJWT

def test_wrong_alg_2():
    encryption_key = SYMKey(use="enc",
                            key='DukeofHazardpass',
                            kid="some-key-id")
    jwe = JWE(plain, alg="A128KW", enc="A128CBC-HS256")
    _jwe = jwe.encrypt(keys=[encryption_key], kid="some-key-id")
    decrypter = factory(_jwe, alg="A128KW", enc="A128CBC-HS256")
    with pytest.raises(WrongEncryptionAlgorithm):
        decrypter.decrypt(_jwe, [encryption_key], alg='A192KW')

コード例 #10

ファイル: test_07_jwe.py プロジェクト: jpslopes/JWTConnect-Python-CryptoJWT

def test_encrypt_jwk_key():
    # This is a weird case. Signing the JWT with a key that is
    # published in the JWT. Still it should be possible.
    jwenc = JWE(plain, alg="ECDH-ES", enc="A128GCM", jwk=eck_bob)
    _enc = jwenc.encrypt()
    assert _enc
    decrypter = factory(_enc, alg="ECDH-ES", enc="A128GCM")
    res = decrypter.decrypt()
    assert res == plain

コード例 #11

def request_object_encryption(msg, service_context, **kwargs):
    """
    Created an encrypted JSON Web token with *msg* as body.

    :param msg: The mesaqg
    :param service_context:
    :param kwargs:
    :return:
    """
    try:
        encalg = kwargs["request_object_encryption_alg"]
    except KeyError:
        try:
            encalg = service_context.get('behaviour')[
                "request_object_encryption_alg"]
        except KeyError:
            return msg

    if not encalg:
        return msg

    try:
        encenc = kwargs["request_object_encryption_enc"]
    except KeyError:
        try:
            encenc = service_context.get('behaviour')[
                "request_object_encryption_enc"]
        except KeyError:
            raise MissingRequiredAttribute(
                "No request_object_encryption_enc specified")

    if not encenc:
        raise MissingRequiredAttribute(
            "No request_object_encryption_enc specified")

    _jwe = JWE(msg, alg=encalg, enc=encenc)
    _kty = alg2keytype(encalg)

    try:
        _kid = kwargs["enc_kid"]
    except KeyError:
        _kid = ""

    if "target" not in kwargs:
        raise MissingRequiredAttribute("No target specified")

    if _kid:
        _keys = service_context.keyjar.get_encrypt_key(_kty,
                                                       issuer_id=kwargs["target"],
                                                       kid=_kid)
        _jwe["kid"] = _kid
    else:
        _keys = service_context.keyjar.get_encrypt_key(_kty,
                                                       issuer_id=kwargs["target"])

    return _jwe.encrypt(_keys)

コード例 #12

ファイル: test_07_jwe.py プロジェクト: jpslopes/JWTConnect-Python-CryptoJWT

def test_sym_encrypt_decrypt_jwe():
    encryption_key = SYMKey(use="enc",
                            key='DukeofHazardpass',
                            kid="some-key-id")
    jwe = JWE(plain, alg="A128KW", enc="A128CBC-HS256")
    _jwe = jwe.encrypt(keys=[encryption_key], kid="some-key-id")
    decrypter = factory(_jwe, alg="A128KW", enc="A128CBC-HS256")

    resp = decrypter.decrypt(_jwe, [encryption_key])
    assert resp == plain

コード例 #13

ファイル: test_07_jwe.py プロジェクト: jpslopes/JWTConnect-Python-CryptoJWT

def test_encrypt_decrypt_rsa_cbc():
    _key = RSAKey(pub_key=pub_key)
    _jwe0 = JWE(plain, alg="RSA1_5", enc="A128CBC-HS256")

    jwt = _jwe0.encrypt([_key])

    _jwe1 = factory(jwt, alg="RSA1_5", enc="A128CBC-HS256")
    _dkey = RSAKey(priv_key=priv_key)
    msg = _jwe1.decrypt(jwt, [_dkey])

    assert msg == plain

コード例 #14

ファイル: message.py プロジェクト: nsklikas/JWTConnect-Python-OidcMsg

    def from_jwe(self, msg, keys):
        """
        Decrypt an encrypted JWT and load the JSON object that was the body
        of the JWT into this object.

        :param msg: An encrypted JWT
        :param keys: Possibly usable keys.
        :type keys: list or KeyJar instance
        :return: The decrypted message. If decryption failed an exception
            will be raised.
        """

        jwe = JWE()
        _res = jwe.decrypt(msg, keys)
        return self.from_json(_res.decode())

コード例 #15

ファイル: message.py プロジェクト: nsklikas/JWTConnect-Python-OidcMsg

    def to_jwe(self, keys, enc, alg, lev=0):
        """
        Place the information in this instance in a JSON object. Make that
        JSON object the body of a JWT. Then encrypt that JWT using the
        specified algorithms and the given keys. Return the encrypted JWT.

        :param keys: list or KeyJar instance
        :param enc: Content Encryption Algorithm
        :param alg: Key Management Algorithm
        :param lev: Used for JSON construction
        :return: An encrypted JWT. If encryption failed an exception will be
            raised.
        """

        _jwe = JWE(self.to_json(lev), alg=alg, enc=enc)
        return _jwe.encrypt(keys)

コード例 #16

ファイル: test_07_jwe.py プロジェクト: jpslopes/JWTConnect-Python-CryptoJWT

def test_sym_jwenc():
    encryption_key = SYMKey(use="enc",
                            key='DukeofHazardpass',
                            kid="some-key-id")
    jwe = JWE(plain, alg="A128KW", enc="A128CBC-HS256")
    _jwe = jwe.encrypt(keys=[encryption_key], kid="some-key-id")
    decrypter = factory(_jwe, alg="A128KW", enc="A128CBC-HS256")

    _jwenc = decrypter.jwt
    assert _jwenc.b64_protected_header() == _jwenc.b64part[0]
    assert _jwenc.b64_encrypted_key() == _jwenc.b64part[1]
    assert _jwenc.b64_initialization_vector() == _jwenc.b64part[2]
    assert _jwenc.b64_ciphertext() == _jwenc.b64part[3]
    assert _jwenc.b64_authentication_tag() == _jwenc.b64part[4]

    assert _jwenc.protected_header() == _jwenc.part[0]
    assert _jwenc.encrypted_key() == _jwenc.part[1]
    assert _jwenc.initialization_vector() == _jwenc.part[2]
    assert _jwenc.ciphertext() == _jwenc.part[3]
    assert _jwenc.authentication_tag() == _jwenc.part[4]

コード例 #17

ファイル: test_07_jwe.py プロジェクト: jpslopes/JWTConnect-Python-CryptoJWT

def test_encrypt_no_keys():
    jwenc = JWE(plain, alg="ECDH-ES", enc="A128GCM")
    with pytest.raises(NoSuitableEncryptionKey):
        jwenc.encrypt()

コード例 #18

ファイル: test_07_jwe.py プロジェクト: jpslopes/JWTConnect-Python-CryptoJWT

def test_rsa_with_kid():
    encryption_keys = [RSAKey(use="enc", pub_key=pub_key, kid="some-key-id")]
    jwe = JWE("some content", alg="RSA-OAEP", enc="A256CBC-HS512")
    jwe.encrypt(keys=encryption_keys, kid="some-key-id")